googlechromeextensionupdate_m2.exe

Google Chrome Extension Updater

Alactro LLC

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application googlechromeextensionupdate_m2.exe by Alactro has been detected as adware by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dl.dsmstc.com and multiple other hosts.
Publisher:
Alactro LLC  (signed and verified)

Product:
Google Chrome Extension Updater

Description:
Installer

Version:
2013.1.31.2239

MD5:
a155917960212d359a5b72ed982b4ec1

SHA-1:
8202be5d16df901fd8eaf760030dc89468551982

SHA-256:
e63eab09de7082d04095ef4a55255557ec2fe2b0a9b103cb1def8f7c7271ac07

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/14/2024 9:19:50 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Yontoo.Gen2
7.11.84.40

Comodo Security
UnclassifiedMalware
16414

Dr.Web
Adware.Plugin.11
9.0.1.0100

ESET NOD32
Win32/Adware.Yontoo (variant)
8.8438

IKARUS anti.virus
AdWare.Yontoo
t3scan.2.0.3.0

MicroWorld eScan
ADWARE/Yontoo.Gen2
15.0.0.300

Reason Heuristics
PUP.Installer.Alactro.EE
14.8.8.0

Trend Micro House Call
TROJ_GEN.F47V0201
7.2.100

VIPRE Antivirus
Yontoo
18630

File size:
591.6 KB (605,848 bytes)

Product version:
1.12.02

Copyright:
Copyright (c) 2013 Alactro LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\googlechromeextensionupdate_m2.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/15/2012 11:01:43 PM

Valid to:
5/27/2013 12:13:23 AM

Subject:
CN=Alactro LLC, O=Alactro LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
046CAA7E02C7FB

File PE Metadata
Compilation timestamp:
8/9/2011 1:55:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:b0mOsDZc70sG95NhAo99UYNF0ki0AJEPBxWhTje8qAc7wRBbzd235REVbA:qYU0BNhfnRASPBxWhT85MR+JR60

Entry address:
0x1627

Entry point:
55, 8B, EC, 81, EC, 58, 0B, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, A8, F4, FF, FF, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, B8, FC, FF, FF, 50, C7, 85, B8, FC, FF, FF, 14, 01, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, 30, 34, 40, 00, E8, 40, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, C5, 01, 00, 00, 68, 1C, 34, 40, 00, 68, 0C, 34, 40, 00, FF, 15, 68, 30, 40, 00, 50, FF, 15, 64, 30, 40, 00, 3B...
 
[+]

Entropy:
7.9877

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file googlechromeextensionupdate_m2.exe has been seen being distributed by the following 3 URLs.

Remove googlechromeextensionupdate_m2.exe - Powered by Reason Core Security